Pulse of Truth


Cyber Security news and links to cyber security stories that could make you go hmmm. The content is exactly as it is consumed through RSS feeds and won't be edited (except for the occasional encoding errors).

This community is automagically fed by an instance of Dittybopper.

1
 
 

Curiosity gives crims access to wallets and passwords. Organizations should be on the lookout for bogus copyright infringement emails as they might be the latest ploy by cybercriminals to steal their data.…

2
 
 

A proposed amendment would exclude legitimate security research from the definition of data espionage.

4
 
 

Sebastian Sinclair / Decrypt: Detroit plans to accept crypto, including BTC and ETH, for tax and fee payments starting mid-2025 via a PayPal-managed platform, the largest US city to do so  —  Starting in mid-2025, Detroit residents will be able to pay with popular cryptos like Bitcoin and Ethereum through a PayPal-managed platform.

5
 
 

In a bold move, Apple has published a draft ballot for commentary to GitHub to shorten Transport Layer Security (TLS) certificates down from 398 days to just 45 days by 2027. The Apple proposal will likely go up for a vote among Certification Authority Browser Forum (CA/B Forum) members in the upcoming months. Apple isn’t the first of the big players to suggest such a move. Last year, Google announced its intention to mandate 90-day … More → The post Apple’s 45-day certificate proposal: A call to action appeared first on Help Net Security.

6
 
 

Intel’s faulty 13th- and 14th-gen CPUs trigger lawsuit out for blood.

7
 
 

Nokia's investigation of recent claims of a data breach found that the source code leaked on a hacker forum belongs to a third party and that company and customer data has not been impacted. [...]

8
 
 

North Korean threat actor BlueNoroff has been targeting crypto-related businesses with a new multi-stage malware for macOS systems. [...]

9
 
 

Roblox Corp. introduced new rules preventing kids under 13 from accessing online games intended just for socializing and from making some kinds of virtual content, like drawing on digital chalkboards, the latest in a series of child-safety changes at the company.

10
 
 

Canada ordered ByteDance Ltd. to wind up its subsidiary TikTok Technology Canada, Inc. — though the move will not stop Canadians from using the popular Chinese-backed social video app.

11
 
 

In case today’s news cycle wasn’t shocking enough, here’s a gem from Sophos. Fresh from a series of serious reports detailing its five-year battle with Chinese cyberattackers, Sophos has dropped a curious story about users of a popular infostealer-cum-RAT targeting a niche group of victims.…

12
 
 

Campaigns like Silver Fox and Void Arachne are deploying the framework, using social media and messaging platforms to lure in victims.

13
 
 

The tech world has been abuzz with discussions about cloud repatriation, the practice of moving workloads from public clouds back The post Why Companies Are Ditching the Cloud: The Rise of Cloud Repatriation appeared first on The New Stack.

15
 
 

The cybersecurity skills gap continues to widen, with serious consequences for organizations worldwide. According to IBM’s 2024 Cost Of A Data Breach Report, more than half of breached organizations now face severe security staffing shortages, a whopping 26.2% increase from the previous year. And that’s expensive. This skills deficit adds an average of $1.76 million in […] The post Skills shortage directly tied to financial loss in data breaches appeared first on Security Intelligence.

16
 
 

INTERPOL has dismantled over 22,000 malicious IP addresses and servers linked to various cyber threats. This operation, code-named Synergia II, ran from April 1 to August 31, 2024, and was a collaborative effort between INTERPOL, private sector partners, and law enforcement agencies across 95 member countries.  The operation, which primarily targeted phishing, ransomware, and information stealers, identified approximately 30,000 suspicious IP […] The post INTERPOL Takes Down 22,000 malicious IP addresses Used for Hacking appeared first on Cyber Security News.

17
 
 

The FBI has issued a warning that cybercriminals are taking over email accounts via stolen session cookies, whether or not someone has set up MFA.

18
 
 

Cisco has fixed a maximum severity vulnerability that allows attackers to run commands with root privileges on vulnerable Ultra-Reliable Wireless Backhaul (URWB) access points that provide connectivity for industrial wireless automation. [...]

19
 
 

Canadian authorities have arrested a man suspected of having stolen the data of hundreds of millions after targeting over 165 organizations, all of them customers of cloud storage company Snowflake. [...]

20
 
 

Puppeteer or Pupeter? One of them will snoop around on your machine and steal your credentials. An ongoing typosquatting campaign is targeting developers via hundreds of popular JavaScript libraries, whose weekly downloads number in the tens of millions, to infect systems with info-stealing and snooping malware.…

21
 
 

CTL staff Scott Rose, Oliver Borchert, and Doug Montgomery participated in the first joint O-RAN / 3GPP workshop on the standardization of zero trust architecture (ZTA) in mobile networks. Scott opened the workshop with a presentation on "NIST

22
 
 

Google warns of the limited, targeted exploitation of two vulnerabilities resolved with the latest Android security update. The post Google Patches Two Android Vulnerabilities Exploited in Targeted Attacks appeared first on SecurityWeek.

24
 
 

The proliferation of non-human identities and the complexity of modern application architectures have created significant security challenges, particularly in managing sensitive credentials, according to GitGuardian. Based on a survey of 1,000 IT decision-makers in organizations with over 500 employees across the US, UK, Germany, and France, the report reveals a significant rise in awareness and concern regarding the risks associated with secrets sprawl. Secrets leaks are on the rise: 79% of respondents reported having experienced … More → The post AI learning mechanisms may lead to increase in codebase leaks appeared first on Help Net Security.

25
 
 

The Cybersecurity and Infrastructure Security Agency and Federal Bureau of Investigation assert that C, C++, and other memory-unsafe languages contribute to potential security breaches.
